← volver
CVE-2019-19910

CVE-2019-19910

EPSS 0.7%
The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 and/or 1.34) mishandles certain HTML attributes, as demonstrated by IMG onmouseover= (impact is XSS) and IMG src=http (impact is disclosing the client's IP address). This can occur within a talk page topical header that is viewed within a mobile (MobileFrontend) context.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://gerrit.wikimedia.org/r/q/Ida471291f1698387a26736931ab17e6899e05b51https://phabricator.wikimedia.org/T240487